On Wellbeing
On Wellbeing is a corporate skills-based digital health app that removes barriers to support, is accessible, inclusive, wide-reaching and cost-effective. It offers 3 engaging scaffolded digital spaces to help individuals and organisations thrive and support organisations to implement sustainable wellbeing strategies: 'My Toolbox, 'My Space' and 'My Community'.
Features
- Skill based behaviour change app
- Predictive analytics to anticipate users' needs
- Advanced artificial intelligence algorithms tailor user experiences
- Established holistic wellness ecosystem through mental health/wellbeing resource integration
- Tailored corporate wellness solutions for organisations
- Aggregated wellbeing and mental health reporting
- User profile creation and management
- Dedicated space for sharing organisational wellness offerings
- Community token reward scheme to promote behaviour change
- Gratitude journal, vision board and reflection space with goal setting
Benefits
- Providing life/work coping mechanisms to improve mood, productivity and engagement
- Aggregated anonymised employee engagement data
- Preventative health measures reduce financial loss from sick leave
- Improve your attractive employee benefits package
- Data-driven insights
- Alignment to your Corporate Social Responsibility (CSR) objectives
- Increase user engagement in existing wellbeing provision
- Enhance communication and understanding across your organisation
- Boost staff retention and reduce recruitment costs
- Maximise your return on investment for employee wellbeing mapping
Pricing
£11.50 to £54.00 a user a year
- Free trial available
Service documents
Request an accessible format
Framework
G-Cloud 14
Service ID
3 2 1 9 9 2 2 9 6 4 3 1 7 6 5
Contact
ASPIRE SOFTWARE SYSTEMS LIMITED
Dominic Bennett
Telephone: +447715816296
Email: info@onwellbeing.com
Service scope
- Software add-on or extension
- No
- Cloud deployment model
- Private cloud
- Service constraints
-
Compatible with:
iPhone and iPod touch iOS 12.4 or later.
Android 5.0 or later. - System requirements
- Internet connection or phone signal for data usage
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
-
Response times vary based on severity. Typically we aim to respond to questions within 1 working day during weekdays. During weekends and public holidays we aim to address critical outages within 24 hours. We have flexibility to provide emergency operational/technical support if required.
Response times for our partners that can be contacted through our app (Shout, Samaritans, Emergency Medical Services) are provided by their respective organisations. - User can manage status and priority of support tickets
- No
- Phone support
- No
- Web chat support
- No
- Onsite support
- No
- Support levels
-
Remote email support is provided Monday-Friday, 9am-5pm.
All organisational licence owners will receive complementary support from their dedicated Account Manager, who will be directly contactable by email and telephone Monday-Thursday 9am-5pm and Friday 9am-2pm.
If service functionality is impeded through a technical fault, we aim to deal with critical outages within 24 hours. - Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
-
Delivering scaffolded support, we provide users with a simple onboarding process by providing a QR code that they can scan to automatically launch the app. To install, users click 'Get' which automatically installs our mobile application onto their device.
To create a login, users launch our app from their device homepage and click 'Create your account'. We require users to input their full name, job role, email address, their companies' unique 7 digit code and their own bespoke password.
We encourage users to input their personal email address rather than a work-associated account. This encourages app usage outside of working hours and dissociates potential work-related stresses from personal reflection time.
Supporting users of all abilities, our app contains a password reveal button to assist account logins.
For account managers, our app's dashboard contains turn on/off Guide functionality to assist in illustrating what each section can provide for their organisation. This ensures user confidence and ability, maximising the quality of user experience. Should users have any questions or difficulties getting started, we offer support during our working hours. - Service documentation
- Yes
- Documentation formats
-
- Other
- Other documentation formats
-
- In-portal data
- XLS
- End-of-contract data extraction
- Users may submit an email or letter requesting their data be extracted at contract end. Our delivery time for data extraction varies based on the size of the requesting organisation. In all cases, we aim to deliver extracted data no later than 10 working days from receipt of a data extraction request.
- End-of-contract process
- Unless renewed, at contract expiry all user accounts are deleted without additional cost. Account Managers contact Service Administrators in advance to streamline renewal/contract end. Should a user wish to delete their account before contract expiry, this can be completed through the app. Users can visit their in-app profile and select 'Delete your account'. This requires 1 no-trick confirmation, upon which all user data is securely deleted. There is no additional charge for early account deletion. Upon app deactivation, user data is retained for a period of 1 calendar month in an idle state. After this time all data is irrevocably deleted.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 11
- Microsoft Edge
- Firefox
- Chrome
- Safari
- Opera
- Application to install
- Yes
- Compatible operating systems
-
- Android
- IOS
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
-
We provide a science-led, intuitively designed mobile application for employees to manage their mental health and wellbeing.
Our bespoke app is custom built for mobiles, and optimised to streamline processes on mobile operating systems.
The web based portal interface is used to manage licenses and the community section content. - Service interface
- Yes
- User support accessibility
- WCAG 2.1 AA or EN 301 549
- Description of service interface
-
Compartmentalised spaces are navigated through a bottom banner providing a seamless user experience. The interface is personalised to each individual, providing a three-stage process to better mental resilience. Your toolbox (symbolised with a cube) offers simple ways for employees to make mental health gains through tips, real life stories, podcasts and games. ‘Your space’ (a hexagonal graphic) is a personal reflective wellbeing journal. ‘Your community’ (represented by a building) brings the organisations community wellbeing offers into one space.
The portal enables account holders to send push notification to staff about organisational wellness engagement opportunities and account-specific CSR activities . - Accessibility standards
- WCAG 2.1 AA or EN 301 549
- Accessibility testing
-
We have implemented accessibility features following user feedback, for example, the ability to switch between Light and Dark modes.
Currently, we have tested our interface against built-in accessibility features, for example, the 'iOS VoiceOver' screen reading function. With the option to expand the scope of our testing to third party and custom accessibility features in the future.
Our interface testing feedback groups comprise able persons. However, our Lead Developer is visually impaired and signs off on implementation of all interface and accessibility designs.
This enables immediate feedback and quality assurance of newly-trialled features, as the developer fully understands the needs of our users. - API
- No
- Customisation available
- Yes
- Description of customisation
-
Accredited users within an organisation are able to publish and share information within their organisation's community space and add their organisation's name to the community space.
Only users with the requisite credentials are able to create community content, create content categories and send push notifications. To avoid personal disruption, push notifications are limited to weekly.
Content within the app can be tagged and categorised manually. We aim to release an AI-driven tagging function prior to framework commencement which will automatically sort and tag content based on user preference.
Scaling
- Independence of resources
-
To monitor system performance and user activity trends we:
1. Anticipate spikes in demand by analysing data gathered by remote monitoring
2. Minimise general network traffic via efficient and proactive caching
3. Minimise performance degradation caused by heavy traffic by evenly distributing incoming requests across our server infrastructure
4. Ensure our server capacity is substantially higher than our average daily usage needs to account for spikes in activity
Analytics
- Service usage metrics
- Yes
- Metrics types
-
We do not track or share personal data. All service metrics we provide are sourced from anonymised, aggregated data.
Organisations have access to app usage and trends across resources accessed. We provide this data to organisations every 6 months, or organisations can access certain metrics through our online portal's real-time dashboard.
We also monitor generalised metrics that are not organisation specific, such as the total number of downloads. - Reporting types
-
- Real-time dashboards
- Regular reports
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Staff screening not performed
- Government security clearance
- None
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- No
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least every 6 months
- Penetration testing approach
- In-house
- Protecting data at rest
- Physical access control, complying with another standard
- Data sanitisation process
- Yes
- Data sanitisation type
- Deleted data can’t be directly accessed
- Equipment disposal approach
- In-house destruction process
Data importing and exporting
- Data export approach
- Users can request data exportation by contacting our Customer Support Team, contactable through email.
- Data export formats
- CSV
- Data import formats
-
- CSV
- Other
- Other data import formats
- Form within the portal
Data-in-transit protection
- Data protection between buyer and supplier networks
- TLS (version 1.2 or above)
- Data protection within supplier network
- TLS (version 1.2 or above)
Availability and resilience
- Guaranteed availability
- Supporting our 99.9% service uptime, the app periodically retrieves and caches key data to ensure resources are available even when the service is unreachable by the web. Intensive resources such as video serving components are outsourced to a third-party cloud host to keep the overall load on our primary server to a minimum. Implementing automated failover, our mechanisms enable the server to quickly switch to backup systems or resources in the event of a failure, minimising disruption to users.
- Approach to resilience
- Through our automated failover mechanisms, we minimise downtime and proactively monitor system health and performance for early issue identification.
- Outage reporting
-
We monitor the health and performance of our service endpoints using UptimeRobot. This tool periodically send requests to our APIs and verifies that they return the expected responses within predefined thresholds.
If an API endpoint fails to respond or returns an unexpected status code, it triggers an alert indicating a potential outage. In addition to API monitoring, we use Sentry, an email alerting system, to provide immediate notification upon detecting an outage.
These email alerts contain details about the affected service, the nature of the issue, and any relevant diagnostic information to facilitate troubleshooting.
Identity and authentication
- User authentication needed
- Yes
- User authentication
- Username or password
- Access restrictions in management interfaces and support channels
- We restrict access to management interfaces and support channels through robust authentication mechanisms and role-based access controls. Username/password authentication is enforced for all users accessing sensitive systems or data. Role-based access controls limit privileges based on job responsibilities, ensuring that users only have access to the resources necessary for their roles. Access to support channels is granted based on predefined criteria, such as user roles or ticket ownership. Ensuring complete compliance, we audit and review our processes monthly.
- Access restriction testing frequency
- At least every 6 months
- Management access authentication
- Username or password
Audit information for users
- Access to user activity audit information
- Users contact the support team to get audit information
- How long user audit data is stored for
- At least 12 months
- Access to supplier activity audit information
- You control when users can access audit information
- How long supplier audit data is stored for
- At least 12 months
- How long system logs are stored for
- At least 12 months
Standards and certifications
- ISO/IEC 27001 certification
- No
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- No
- Cyber essentials plus
- No
- Other security certifications
- No
Security governance
- Named board-level person responsible for service security
- No
- Security governance certified
- No
- Security governance approach
- Our approach aligns to, but is not accredited by, the security standards as set out in the ISO27001 certification. We aim to complete our accreditation in the Cyber Essentials certification prior to framework start. We aim to work towards ISO27001 certification in the future. Our approaches and overarching goals align with the government's Cyber Security Strategy 2022-2030 policy.
- Information security policies and processes
-
For senior-led compliance, Dominic Bennett, Managing Director, has overall responsibility for our IT security strategy, supported by Ruby Darbyshire, Lead Developer, who has day-to-day responsibility for its implementation. Aligned to ISO27001, our information security policy and processes are reviewed annually.
Our Information Security Policy outlines access controls, software security measures, employee onboarding and offboarding procedures, device usage guidelines, password protocols, and guidelines for remaining vigilant against security risks such as phishing and social engineering.
To ensure compliance and adherence, we provide comprehensive induction and annual refresher training to all staff members, both new and existing. This training covers IT security awareness, proper system usage, GDPR compliance, and more. Additionally, we encourage a culture of shared responsibility, where each employee understands their role in maintaining security and promptly reports any breaches or concerns to IT.
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
- We track software components using managed Git version control repositories and versioned documentation to sit alongside all of our code. This means that all historical changes are logged and we can rollback to previous working versions without issue. Web deployments are issued through DeployBot, and mobile app deployments are built through Expo. Our build pipelines manage dependencies based on the deployed version. All changes are submitted by pull requests/approved by a Senior Developer before deployment to ensure code quality. Our pipelines ensure all changes are run through testing and staging platforms before becoming live on our production environment.
- Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
- Our vulnerability management process uses automated scans, manual assessments and threat intelligence feeds to swiftly identify and prioritise potential threats. We patch critical vulnerabilities promptly after thorough testing in a staged environment. We monitor industry-specific threat feeds, vendor advisories, and security bulletins for emerging threats. We enhance our threat intelligence capabilities through information sharing with trusted sources and participation in security communities.
- Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
- Designed to swiftly detect and respond to potential compromises of our systems and data, we continually monitor our intrusion detection systems to scrutinise network traffic, system logs and user activities for suspicious behaviour. Alerts are automatically generated based on predefined security thresholds, such as unauthorised access attempts or abnormal network traffic patterns. Upon detection of a potential compromise, our Incident Response Team is immediately notified, initiating a formal investigation. Response times are defined based on incident severity, with high-priority incidents addressed urgently to contain and mitigate threats.
- Incident management type
- Supplier-defined controls
- Incident management approach
- We use pre-defined processes for common events to ensure consistent and efficient incident handling. Users report incidents through our dedicated in-app support ticketing system. Once reported, we categorise incidents based on severity and impact, triggering appropriate response actions. Following resolution, we generate incident reports, outlining the cause, impact, and remediation measures taken. These reports are shared with all necessary parties to ensure transparency and continually improve our service.
Secure development
- Approach to secure software development best practice
- Conforms to a recognised standard, but self-assessed
Public sector networks
- Connection to public sector networks
- No
Social Value
- Social Value
-
Social Value
- Fighting climate change
- Covid-19 recovery
- Tackling economic inequality
- Equal opportunity
- Wellbeing
Fighting climate change
In partnership with Forest Carbon, we seek to offset some of our carbon output and have contribute towards planting 13 million trees throughout the UK
Reducing greenhouse gas emissions from unnecessary travel, we encourage employees to hold virtual meetings, where possible. Supporting environmentally conscious travel and employee flexibility, we schedule 1 office day per fortnight, with the remaining period comprising a hybrid working scheme with flexible hours.Covid-19 recovery
Demonstrating how we have adapted to remote work environments as a result of Covid-19, 95% of our workforce are now fully remote. To achieve this we provide company-issued laptops, software licenses and accessories to maintain our remote working capacity.
Recognising the significant, often ongoing, impact of the Covid-19 pandemic on workers and students, we ensure the provision of wellbeing content that covers topics including, but not limited to:
- Efficient planning when working from home
- Fostering social connections through virtual environments
- Maintaining health through mental and/or physical exercise
- Techniques to help alleviate stress or anxietyTackling economic inequality
Tackling economic inequality
Recognising the economic inequality frequently afforded to members of the disabled community we are a government certified Disability Confident Employer. This accreditation confirms that we display ongoing competence in the themes of:
- Employing the right people for our business needs
- Retaining our employees and ensuring ongoing development
- Going the extra mile to make sure disabled employees get a fair chance
Ensuring our partners conform to the same standards, we frequently monitor their efforts in tackling economic inequality. For example, The University of Derby, who we partner with to provide wellbeing services via the Work Health Hub, are also a certified Disability Confident Employer.Equal opportunity
Appreciating the benefits of fostering a diverse work environment, our team is comprised of different, multicultural backgrounds, with varying faiths and ethnicities. 33% of our employees identify as being from ethnic-minority backgrounds.
Following inclusive recruitment practices, we solicit reasonable adjustment needs from candidates before interview and ensure ongoing training provision of people with disabilities. Supporting the inclusion of disabled persons, 40% of our employees have some form of disability and 33% of our employees identify as neurodivergent.Wellbeing
Providing opportunities to establish and maintain open and honest communication, we operate a flat management structure with an ‘open door’ policy. Anyone can contact any manager directly to discuss issues or concerns.
Ensuring ongoing employee wellbeing, all staff have regular meetings with their Line Manager we also have a Head of Mental Health and Wellbeing that staff can engage with. Supporting employee engagement, supervision is focused on learning and celebrating success rather than being used as a non-compliant management tool.
Rewarding our employees’ service, we offer annual incentives including, but not limited to: - Regular annual leave increases - Regular salary reviews and increases - Performance-based bonuses - Birthdays off - Biannual staff events and activities Demonstrating confidence in our own product, employees are encouraged to use our app to aid their personal reflection and long-term goal setting. Providing a source of internal review, we schedule a ‘feedback Friday’ discussion where employees can give feedback on the app and their engagement with its content.
Maintaining employee health, we partner with SimplyPlan to offer complementary hearing, eyesight and health tests to post-probation employees. As a benefit of this scheme, our staff have access to a 24h virtual General Practitioner (GP) service and the option to schedule a local GP appointment within 1 working day.
Pricing
- Price
- £11.50 to £54.00 a user a year
- Discount for educational organisations
- No
- Free trial available
- Yes
- Description of free trial
- We offer a demonstration version of the app for interested parties to use. This includes all content and a user guide to the app. This does not include access to the management portal. Demo licenses are available for one month. Contact us for access.